tournament 3.0.3 → 3.1.0
- data/History.txt +5 -0
- data/lib/tournament/bracket.rb +9 -5
- data/lib/tournament/pool.rb +15 -10
- data/lib/tournament.rb +1 -1
- data/webgui/app/controllers/reports_controller.rb +10 -4
- data/webgui/app/controllers/users_controller.rb +61 -0
- data/webgui/app/models/user.rb +31 -3
- data/webgui/app/models/user_mailer.rb +7 -0
- data/webgui/app/views/sessions/new.html.erb +2 -0
- data/webgui/app/views/user_mailer/password_reset_notification.erb +7 -0
- data/webgui/app/views/users/lost_password.html.erb +20 -0
- data/webgui/app/views/users/reset_password.html.erb +15 -0
- data/webgui/config/environments/development.rb +1 -1
- data/webgui/config/routes.rb +8 -6
- data/webgui/db/migrate/20100312053540_add_password_reset_code.rb +9 -0
- data/webgui/db/schema.rb +92 -0
- data/webgui/doc/README_FOR_APP +47 -4
- data/webgui/lib/tasks/possibility.rake +1 -1
- data/webgui/vendor/plugins/restful_authentication/LICENSE +20 -0
- data/webgui/vendor/plugins/restful_authentication/README.textile +25 -25
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/authenticated_generator.rb +19 -19
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_test_helper.rb +1 -1
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/accounts.feature +109 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/{stories/users/sessions.story → features/sessions.feature} +44 -44
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_env.rb +9 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_navigation_steps.rb +48 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb +178 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb +169 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/{stories/rest_auth_stories_helper.rb → features/step_definitions/rest_auth_features_helper.rb} +5 -5
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb +131 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/model.rb +2 -2
- metadata +17 -11
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/rest_auth_stories.rb +0 -22
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb +0 -49
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb +0 -179
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb +0 -171
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/user_steps.rb +0 -153
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/accounts.story +0 -186
@@ -8,8 +8,8 @@ authentication:
|
|
8
8
|
* Account approval / disabling by admin
|
9
9
|
* Rudimentary hooks for authorization and access control.
|
10
10
|
|
11
|
-
Several features were updated in May, 2008.
|
12
|
-
* "Stable newer version":http://github.com/technoweenie/restful-authentication/tree/master
|
11
|
+
Several features were updated in May, 2008.
|
12
|
+
* "Stable newer version":http://github.com/technoweenie/restful-authentication/tree/master
|
13
13
|
* "'Classic' (backward-compatible) version":http://github.com/technoweenie/restful-authentication/tree/classic
|
14
14
|
* "Experimental version":http://github.com/technoweenie/restful-authentication/tree/modular (Much more modular, needs testing & review)
|
15
15
|
|
@@ -54,7 +54,7 @@ These best version of the release notes are in the notes/ directory in the
|
|
54
54
|
"source code":http://github.com/technoweenie/restful-authentication/tree/master
|
55
55
|
-- look there for the latest version. The wiki versions are taken (manually)
|
56
56
|
from there.
|
57
|
-
|
57
|
+
|
58
58
|
***************************************************************************
|
59
59
|
|
60
60
|
<a id="AWESOME"/> </a>
|
@@ -62,14 +62,14 @@ h2. Exciting new features
|
|
62
62
|
|
63
63
|
h3. Stories
|
64
64
|
|
65
|
-
There are now
|
65
|
+
There are now "Cucumber":http://wiki.github.com/aslakhellesoy/cucumber/home features that allow expressive, enjoyable tests for the
|
66
66
|
authentication code. The flexible code for resource testing in stories was
|
67
67
|
extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
|
68
68
|
|
69
69
|
h3. Modularize to match security design patterns:
|
70
70
|
|
71
71
|
* Authentication (currently: password, browser cookie token, HTTP basic)
|
72
|
-
* Trust metric (email validation)
|
72
|
+
* Trust metric (email validation)
|
73
73
|
* Authorization (stateful roles)
|
74
74
|
* Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins
|
75
75
|
|
@@ -111,8 +111,8 @@ h2. Installation
|
|
111
111
|
This is a basic restful authentication generator for rails, taken from
|
112
112
|
acts as authenticated. Currently it requires Rails 1.2.6 or above.
|
113
113
|
|
114
|
-
**IMPORTANT FOR RAILS > 2.1 USERS** To avoid a @NameError@ exception ("lighthouse tracker ticket":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/tickets/2-not-a-valid-constant-name-errors#ticket-2-2), check out the code to have an _underscore_ and not _dash_ in its name:
|
115
|
-
* either use <code>git clone git://github.com/technoweenie/restful-authentication.git restful_authentication</code>
|
114
|
+
**IMPORTANT FOR RAILS > 2.1 USERS** To avoid a @NameError@ exception ("lighthouse tracker ticket":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/tickets/2-not-a-valid-constant-name-errors#ticket-2-2), check out the code to have an _underscore_ and not _dash_ in its name:
|
115
|
+
* either use <code>git clone git://github.com/technoweenie/restful-authentication.git restful_authentication</code>
|
116
116
|
* or rename the plugin's directory to be <code>restful_authentication</code> after fetching it.
|
117
117
|
|
118
118
|
To use the generator:
|
@@ -140,19 +140,19 @@ To use the generator:
|
|
140
140
|
activation code. (@--stateful@ implies @--include-activation@). Based on the
|
141
141
|
idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing
|
142
142
|
@--skip-migration@ will skip the user migration, and @--skip-routes@ will skip
|
143
|
-
resource generation -- both useful if you've already run this generator.
|
143
|
+
resource generation -- both useful if you've already run this generator.
|
144
144
|
(Needs the "acts_as_state_machine plugin":http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/,
|
145
145
|
but new installs should probably run with @--aasm@ instead.)
|
146
146
|
|
147
147
|
* --aasm: Works the same as stateful but uses the "updated aasm gem":http://github.com/rubyist/aasm/tree/master
|
148
|
-
|
148
|
+
|
149
149
|
* --rspec: Generate RSpec tests and Stories in place of standard rails tests.
|
150
150
|
This requires the
|
151
151
|
"RSpec and Rspec-on-rails plugins":http://rspec.info/
|
152
152
|
(make sure you "./script/generate rspec" after installing RSpec.) The rspec
|
153
153
|
and story suite are much more thorough than the rails tests, and changes are
|
154
154
|
unlikely to be backported.
|
155
|
-
|
155
|
+
|
156
156
|
* --old-passwords: Use the older password scheme (see [[#COMPATIBILITY]], above)
|
157
157
|
|
158
158
|
* --skip-migration: Don't generate a migration file for this model
|
@@ -169,30 +169,30 @@ alter to suit. There are additional security minutae in @notes/README-Tradeoffs@
|
|
169
169
|
|
170
170
|
* Add these familiar login URLs to your @config/routes.rb@ if you like:
|
171
171
|
|
172
|
-
<pre><code>
|
173
|
-
map.signup '/signup', :controller => 'users', :action => 'new'
|
172
|
+
<pre><code>
|
173
|
+
map.signup '/signup', :controller => 'users', :action => 'new'
|
174
174
|
map.login '/login', :controller => 'session', :action => 'new'
|
175
|
-
map.logout '/logout', :controller => 'session', :action => 'destroy'
|
175
|
+
map.logout '/logout', :controller => 'session', :action => 'destroy'
|
176
176
|
</code></pre>
|
177
177
|
|
178
178
|
* With @--include-activation@, also add to your @config/routes.rb@:
|
179
179
|
|
180
|
-
<pre><code>
|
181
|
-
map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
|
182
|
-
</code></pre>
|
180
|
+
<pre><code>
|
181
|
+
map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
|
182
|
+
</code></pre>
|
183
183
|
|
184
184
|
and add an observer to @config/environment.rb@:
|
185
|
-
|
186
|
-
<pre><code>
|
185
|
+
|
186
|
+
<pre><code>
|
187
187
|
config.active_record.observers = :user_observer
|
188
|
-
</code></pre>
|
188
|
+
</code></pre>
|
189
189
|
|
190
190
|
Pay attention, may be this is not an issue for everybody, but if you should
|
191
191
|
have problems, that the sent activation_code does match with that in the
|
192
192
|
database stored, reload your user object before sending its data through email
|
193
193
|
something like:
|
194
194
|
|
195
|
-
<pre><code>
|
195
|
+
<pre><code>
|
196
196
|
class UserObserver < ActiveRecord::Observer
|
197
197
|
def after_create(user)
|
198
198
|
user.reload
|
@@ -207,16 +207,16 @@ alter to suit. There are additional security minutae in @notes/README-Tradeoffs@
|
|
207
207
|
|
208
208
|
|
209
209
|
* With @--stateful@, add an observer to config/environment.rb:
|
210
|
-
|
211
|
-
<pre><code>
|
210
|
+
|
211
|
+
<pre><code>
|
212
212
|
config.active_record.observers = :user_observer
|
213
213
|
</code></pre>
|
214
|
-
|
214
|
+
|
215
215
|
and modify the users resource line to read
|
216
|
-
|
216
|
+
|
217
217
|
map.resources :users, :member => { :suspend => :put,
|
218
218
|
:unsuspend => :put,
|
219
|
-
:purge => :delete }
|
219
|
+
:purge => :delete }
|
220
220
|
|
221
221
|
* If you use a public repository for your code (such as github, rubyforge,
|
222
222
|
gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like
|
@@ -103,8 +103,8 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase
|
|
103
103
|
m.directory File.join('spec/models', class_path)
|
104
104
|
m.directory File.join('spec/helpers', model_controller_class_path)
|
105
105
|
m.directory File.join('spec/fixtures', class_path)
|
106
|
-
m.directory
|
107
|
-
m.directory File.join('
|
106
|
+
m.directory 'features'
|
107
|
+
m.directory File.join('features', 'step_definitions')
|
108
108
|
else
|
109
109
|
m.directory File.join('test/functional', controller_class_path)
|
110
110
|
m.directory File.join('test/functional', model_controller_class_path)
|
@@ -174,23 +174,23 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase
|
|
174
174
|
class_path,
|
175
175
|
"#{table_name}.yml")
|
176
176
|
|
177
|
-
#
|
178
|
-
m.template '
|
179
|
-
File.join('
|
180
|
-
m.template '
|
181
|
-
File.join('
|
182
|
-
m.template '
|
183
|
-
File.join('
|
184
|
-
m.template '
|
185
|
-
File.join('
|
186
|
-
m.template '
|
187
|
-
File.join('
|
188
|
-
m.template '
|
189
|
-
File.join('
|
190
|
-
m.template '
|
191
|
-
File.join('
|
192
|
-
m.template '
|
193
|
-
File.join('
|
177
|
+
# Cucumber features
|
178
|
+
m.template 'features/step_definitions/ra_navigation_steps.rb',
|
179
|
+
File.join('features/step_definitions/ra_navigation_steps.rb')
|
180
|
+
m.template 'features/step_definitions/ra_response_steps.rb',
|
181
|
+
File.join('features/step_definitions/ra_response_steps.rb')
|
182
|
+
m.template 'features/step_definitions/ra_resource_steps.rb',
|
183
|
+
File.join('features/step_definitions/ra_resource_steps.rb')
|
184
|
+
m.template 'features/step_definitions/user_steps.rb',
|
185
|
+
File.join('features/step_definitions/', "#{file_name}_steps.rb")
|
186
|
+
m.template 'features/accounts.feature',
|
187
|
+
File.join('features', 'accounts.feature')
|
188
|
+
m.template 'features/sessions.feature',
|
189
|
+
File.join('features', 'sessions.feature')
|
190
|
+
m.template 'features/step_definitions/rest_auth_features_helper.rb',
|
191
|
+
File.join('features', 'step_definitions', 'rest_auth_features_helper.rb')
|
192
|
+
m.template 'features/step_definitions/ra_env.rb',
|
193
|
+
File.join('features', 'step_definitions', 'ra_env.rb')
|
194
194
|
|
195
195
|
else
|
196
196
|
m.template 'test/functional_test.rb',
|
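Review bot: `File.join('features/step_definitions/ra_navigation_steps.rb')` and the two single-argument `File.join` calls that follow it are no-ops that return their argument unchanged, while the later destinations in the same hunk are spelled `File.join('features', 'step_definitions', '…')`; one form throughout would read better, e.g. `File.join('features', 'step_definitions', 'ra_navigation_steps.rb')`. The `m.template` source paths are literal slash-separated strings, which matches the existing `'test/functional_test.rb'` line below, so only the destination side needs aligning. The enclosing method (presumably the generator's manifest block) starts and ends outside this hunk.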
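--- a/data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_test_helper.rb
+++ b/data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_test_helper.rb
@@ -1,7 +1,7 @@
 module AuthenticatedTestHelper
 # Sets the current <%= file_name %> in the session from the <%= file_name %> fixtures.
 def login_as(<%= file_name %>)
-@request.session[:<%= file_name %>_id] = <%= file_name %> ? <%= table_name %>(<%= file_name %>).id : nil
+@request.session[:<%= file_name %>_id] = <%= file_name %> ? (<%= file_name %>.is_a?(<%= file_name.camelize %>) ? <%= file_name %>.id : <%= table_name %>(<%= file_name %>).id) : nil
 end
 
 def authorize_as(<%= file_name %>)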
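Review bot: The nested ternary on the added line of `login_as` folds three cases (nil, an already-loaded record, a fixture name) into one expression that becomes hard to read once the ERB tags expand into real identifiers. Splitting it keeps the behaviour and reads top-down: `record = <%= file_name %>`, `record = <%= table_name %>(record) if record && !record.is_a?(<%= file_name.camelize %>)`, `@request.session[:<%= file_name %>_id] = record ? record.id : nil`. The comment above the method still says the value comes "from the fixtures"; it should mention that a model instance is now accepted too. `login_as` is fully inside the hunk, but `module AuthenticatedTestHelper` continues past it.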
@@ -0,0 +1,109 @@
|
|
1
|
+
Visitors should be in control of creating an account and of proving their
|
2
|
+
essential humanity/accountability or whatever it is people think the
|
3
|
+
id-validation does. We should be fairly skeptical about this process, as the
|
4
|
+
identity+trust chain starts here.
|
5
|
+
|
6
|
+
Story: Creating an account
|
7
|
+
As an anonymous user
|
8
|
+
I want to be able to create an account
|
9
|
+
So that I can be one of the cool kids
|
10
|
+
|
11
|
+
#
|
12
|
+
# Account Creation: Get entry form
|
13
|
+
#
|
14
|
+
Scenario: Anonymous user can start creating an account
|
15
|
+
Given an anonymous user
|
16
|
+
When she goes to /signup
|
17
|
+
Then she should be at the 'users/new' page
|
18
|
+
And the page should look AWESOME
|
19
|
+
And she should see a <form> containing a textfield: Login, textfield: Email, password: Password, password: 'Confirm Password', submit: 'Sign up'
|
20
|
+
|
21
|
+
#
|
22
|
+
# Account Creation
|
23
|
+
#
|
24
|
+
Scenario: Anonymous user can create an account
|
25
|
+
Given an anonymous user
|
26
|
+
And no user with login: 'Oona' exists
|
27
|
+
When she registers an account as the preloaded 'Oona'
|
28
|
+
Then she should be redirected to the home page
|
29
|
+
When she follows that redirect!
|
30
|
+
Then she should see a notice message 'Thanks for signing up!'
|
31
|
+
And a user with login: 'oona' should exist
|
32
|
+
And the user should have login: 'oona', and email: 'unactivated@example.com'
|
33
|
+
|
34
|
+
And oona should be logged in
|
35
|
+
|
36
|
+
|
37
|
+
#
|
38
|
+
# Account Creation Failure: Account exists
|
39
|
+
#
|
40
|
+
|
41
|
+
|
42
|
+
Scenario: Anonymous user can not create an account replacing an activated account
|
43
|
+
Given an anonymous user
|
44
|
+
And an activated user named 'Reggie'
|
45
|
+
And we try hard to remember the user's updated_at, and created_at
|
46
|
+
When she registers an account with login: 'reggie', password: 'monkey', and email: 'reggie@example.com'
|
47
|
+
Then she should be at the 'users/new' page
|
48
|
+
And she should see an errorExplanation message 'Login has already been taken'
|
49
|
+
And she should not see an errorExplanation message 'Email has already been taken'
|
50
|
+
And a user with login: 'reggie' should exist
|
51
|
+
And the user should have email: 'registered@example.com'
|
52
|
+
|
53
|
+
And the user's created_at should stay the same under to_s
|
54
|
+
And the user's updated_at should stay the same under to_s
|
55
|
+
And she should not be logged in
|
56
|
+
|
57
|
+
#
|
58
|
+
# Account Creation Failure: Incomplete input
|
59
|
+
#
|
60
|
+
Scenario: Anonymous user can not create an account with incomplete or incorrect input
|
61
|
+
Given an anonymous user
|
62
|
+
And no user with login: 'Oona' exists
|
63
|
+
When she registers an account with login: '', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
|
64
|
+
Then she should be at the 'users/new' page
|
65
|
+
And she should see an errorExplanation message 'Login can't be blank'
|
66
|
+
And no user with login: 'oona' should exist
|
67
|
+
|
68
|
+
Scenario: Anonymous user can not create an account with no password
|
69
|
+
Given an anonymous user
|
70
|
+
And no user with login: 'Oona' exists
|
71
|
+
When she registers an account with login: 'oona', password: '', password_confirmation: 'monkey' and email: 'unactivated@example.com'
|
72
|
+
Then she should be at the 'users/new' page
|
73
|
+
And she should see an errorExplanation message 'Password can't be blank'
|
74
|
+
And no user with login: 'oona' should exist
|
75
|
+
|
76
|
+
Scenario: Anonymous user can not create an account with no password_confirmation
|
77
|
+
Given an anonymous user
|
78
|
+
And no user with login: 'Oona' exists
|
79
|
+
When she registers an account with login: 'oona', password: 'monkey', password_confirmation: '' and email: 'unactivated@example.com'
|
80
|
+
Then she should be at the 'users/new' page
|
81
|
+
And she should see an errorExplanation message 'Password confirmation can't be blank'
|
82
|
+
And no user with login: 'oona' should exist
|
83
|
+
|
84
|
+
Scenario: Anonymous user can not create an account with mismatched password & password_confirmation
|
85
|
+
Given an anonymous user
|
86
|
+
And no user with login: 'Oona' exists
|
87
|
+
When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkeY' and email: 'unactivated@example.com'
|
88
|
+
Then she should be at the 'users/new' page
|
89
|
+
And she should see an errorExplanation message 'Password doesn't match confirmation'
|
90
|
+
And no user with login: 'oona' should exist
|
91
|
+
|
92
|
+
Scenario: Anonymous user can not create an account with bad email
|
93
|
+
Given an anonymous user
|
94
|
+
And no user with login: 'Oona' exists
|
95
|
+
When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: ''
|
96
|
+
Then she should be at the 'users/new' page
|
97
|
+
And she should see an errorExplanation message 'Email can't be blank'
|
98
|
+
And no user with login: 'oona' should exist
|
99
|
+
When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
|
100
|
+
Then she should be redirected to the home page
|
101
|
+
When she follows that redirect!
|
102
|
+
Then she should see a notice message 'Thanks for signing up!'
|
103
|
+
And a user with login: 'oona' should exist
|
104
|
+
And the user should have login: 'oona', and email: 'unactivated@example.com'
|
105
|
+
|
106
|
+
And oona should be logged in
|
107
|
+
|
108
|
+
|
109
|
+
|
@@ -3,37 +3,37 @@ only to visitors who present the appropriate credentials. Everyone wants this
|
|
3
3
|
identity verification to be as secure and convenient as possible.
|
4
4
|
|
5
5
|
Story: Logging in
|
6
|
-
As an anonymous
|
6
|
+
As an anonymous user with an account
|
7
7
|
I want to log in to my account
|
8
8
|
So that I can be myself
|
9
9
|
|
10
10
|
#
|
11
11
|
# Log in: get form
|
12
12
|
#
|
13
|
-
Scenario: Anonymous
|
14
|
-
Given an anonymous
|
13
|
+
Scenario: Anonymous user can get a login form.
|
14
|
+
Given an anonymous user
|
15
15
|
When she goes to /login
|
16
|
-
Then she should be at the new
|
16
|
+
Then she should be at the new sessions page
|
17
17
|
And the page should look AWESOME
|
18
18
|
And she should see a <form> containing a textfield: Login, password: Password, and submit: 'Log in'
|
19
19
|
|
20
20
|
#
|
21
21
|
# Log in successfully, but don't remember me
|
22
22
|
#
|
23
|
-
Scenario: Anonymous
|
24
|
-
Given an anonymous
|
25
|
-
And an activated
|
26
|
-
When she creates a singular
|
23
|
+
Scenario: Anonymous user can log in
|
24
|
+
Given an anonymous user
|
25
|
+
And an activated user named 'reggie'
|
26
|
+
When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: ''
|
27
27
|
Then she should be redirected to the home page
|
28
28
|
When she follows that redirect!
|
29
29
|
Then she should see a notice message 'Logged in successfully'
|
30
30
|
And reggie should be logged in
|
31
31
|
And she should not have an auth_token cookie
|
32
32
|
|
33
|
-
Scenario: Logged-in
|
34
|
-
Given an activated
|
35
|
-
And an activated
|
36
|
-
When she creates a singular
|
33
|
+
Scenario: Logged-in user who logs in should be the new one
|
34
|
+
Given an activated user named 'reggie'
|
35
|
+
And an activated user logged in as 'oona'
|
36
|
+
When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: ''
|
37
37
|
Then she should be redirected to the home page
|
38
38
|
When she follows that redirect!
|
39
39
|
Then she should see a notice message 'Logged in successfully'
|
@@ -43,92 +43,92 @@ Story: Logging in
|
|
43
43
|
#
|
44
44
|
# Log in successfully, remember me
|
45
45
|
#
|
46
|
-
Scenario: Anonymous
|
47
|
-
Given an anonymous
|
48
|
-
And an activated
|
49
|
-
When she creates a singular
|
46
|
+
Scenario: Anonymous user can log in and be remembered
|
47
|
+
Given an anonymous user
|
48
|
+
And an activated user named 'reggie'
|
49
|
+
When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: '1'
|
50
50
|
Then she should be redirected to the home page
|
51
51
|
When she follows that redirect!
|
52
52
|
Then she should see a notice message 'Logged in successfully'
|
53
53
|
And reggie should be logged in
|
54
54
|
And she should have an auth_token cookie
|
55
55
|
# assumes fixtures were run sometime
|
56
|
-
And her session store should have
|
56
|
+
And her session store should have user_id: 4
|
57
57
|
|
58
58
|
#
|
59
59
|
# Log in unsuccessfully
|
60
60
|
#
|
61
61
|
|
62
|
-
Scenario: Logged-in
|
63
|
-
Given an activated
|
64
|
-
When she creates a singular
|
62
|
+
Scenario: Logged-in user who fails logs in should be logged out
|
63
|
+
Given an activated user named 'oona'
|
64
|
+
When she creates a singular sessions with login: 'oona', password: '1234oona', remember me: '1'
|
65
65
|
Then she should be redirected to the home page
|
66
66
|
When she follows that redirect!
|
67
67
|
Then she should see a notice message 'Logged in successfully'
|
68
68
|
And oona should be logged in
|
69
69
|
And she should have an auth_token cookie
|
70
|
-
When she creates a singular
|
71
|
-
Then she should be at the new
|
70
|
+
When she creates a singular sessions with login: 'reggie', password: 'i_haxxor_joo'
|
71
|
+
Then she should be at the new sessions page
|
72
72
|
Then she should see an error message 'Couldn't log you in as 'reggie''
|
73
73
|
And she should not be logged in
|
74
74
|
And she should not have an auth_token cookie
|
75
|
-
And her session store should not have
|
75
|
+
And her session store should not have user_id
|
76
76
|
|
77
77
|
Scenario: Log-in with bogus info should fail until it doesn't
|
78
|
-
Given an activated
|
79
|
-
When she creates a singular
|
80
|
-
Then she should be at the new
|
78
|
+
Given an activated user named 'reggie'
|
79
|
+
When she creates a singular sessions with login: 'reggie', password: 'i_haxxor_joo'
|
80
|
+
Then she should be at the new sessions page
|
81
81
|
Then she should see an error message 'Couldn't log you in as 'reggie''
|
82
82
|
And she should not be logged in
|
83
83
|
And she should not have an auth_token cookie
|
84
|
-
And her session store should not have
|
85
|
-
When she creates a singular
|
86
|
-
Then she should be at the new
|
84
|
+
And her session store should not have user_id
|
85
|
+
When she creates a singular sessions with login: 'reggie', password: ''
|
86
|
+
Then she should be at the new sessions page
|
87
87
|
Then she should see an error message 'Couldn't log you in as 'reggie''
|
88
88
|
And she should not be logged in
|
89
89
|
And she should not have an auth_token cookie
|
90
|
-
And her session store should not have
|
91
|
-
When she creates a singular
|
92
|
-
Then she should be at the new
|
90
|
+
And her session store should not have user_id
|
91
|
+
When she creates a singular sessions with login: '', password: 'monkey'
|
92
|
+
Then she should be at the new sessions page
|
93
93
|
Then she should see an error message 'Couldn't log you in as '''
|
94
94
|
And she should not be logged in
|
95
95
|
And she should not have an auth_token cookie
|
96
|
-
And her session store should not have
|
97
|
-
When she creates a singular
|
98
|
-
Then she should be at the new
|
96
|
+
And her session store should not have user_id
|
97
|
+
When she creates a singular sessions with login: 'leonard_shelby', password: 'monkey'
|
98
|
+
Then she should be at the new sessions page
|
99
99
|
Then she should see an error message 'Couldn't log you in as 'leonard_shelby''
|
100
100
|
And she should not be logged in
|
101
101
|
And she should not have an auth_token cookie
|
102
|
-
And her session store should not have
|
103
|
-
When she creates a singular
|
102
|
+
And her session store should not have user_id
|
103
|
+
When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: '1'
|
104
104
|
Then she should be redirected to the home page
|
105
105
|
When she follows that redirect!
|
106
106
|
Then she should see a notice message 'Logged in successfully'
|
107
107
|
And reggie should be logged in
|
108
108
|
And she should have an auth_token cookie
|
109
109
|
# assumes fixtures were run sometime
|
110
|
-
And her session store should have
|
110
|
+
And her session store should have user_id: 4
|
111
111
|
|
112
112
|
|
113
113
|
#
|
114
114
|
# Log out successfully (should always succeed)
|
115
115
|
#
|
116
|
-
Scenario: Anonymous (logged out)
|
117
|
-
Given an anonymous
|
116
|
+
Scenario: Anonymous (logged out) user can log out.
|
117
|
+
Given an anonymous user
|
118
118
|
When she goes to /logout
|
119
119
|
Then she should be redirected to the home page
|
120
120
|
When she follows that redirect!
|
121
121
|
Then she should see a notice message 'You have been logged out'
|
122
122
|
And she should not be logged in
|
123
123
|
And she should not have an auth_token cookie
|
124
|
-
And her session store should not have
|
124
|
+
And her session store should not have user_id
|
125
125
|
|
126
|
-
Scenario: Logged in
|
127
|
-
Given an activated
|
126
|
+
Scenario: Logged in user can log out.
|
127
|
+
Given an activated user logged in as 'reggie'
|
128
128
|
When she goes to /logout
|
129
129
|
Then she should be redirected to the home page
|
130
130
|
When she follows that redirect!
|
131
131
|
Then she should see a notice message 'You have been logged out'
|
132
132
|
And she should not be logged in
|
133
133
|
And she should not have an auth_token cookie
|
134
|
-
And her session store should not have
|
134
|
+
And her session store should not have user_id
|
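Review bot: `And her session store should have user_id: 4` (used twice in this hunk, after the remember-me logins) pins the scenario to the primary key of the reggie fixture, and the `# assumes fixtures were run sometime` comment above it concedes that the number is only meaningful if the fixture file loads in that exact order. A step that resolves the id from the login, e.g. `And her session store should have user_id of 'reggie'`, would survive fixture reordering, provided the step definitions (not shown here) can be extended that way. The rename from `.story` to `.feature` is otherwise mechanical.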
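--- a/data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_env.rb
+++ b/data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_env.rb
@@ -0,0 +1,9 @@
+
+Before do
+Fixtures.reset_cache
+fixtures_folder = File.join(RAILS_ROOT, 'spec', 'fixtures')
+Fixtures.create_fixtures(fixtures_folder, "users")
+end
+
+# Make visible for testing
+ApplicationController.send(:public, :logged_in?, :current_user, :authorized?)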
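Review bot: `ApplicationController.send(:public, :logged_in?, :current_user, :authorized?)` does more than make the helpers callable from step definitions: in Rails 2 every public instance method of a controller is an action candidate, so for the lifetime of the Cucumber process `current_user` and friends become dispatchable through any catch-all `:controller/:action/:id` route, and the features then exercise an app whose surface differs from production. Adding `ApplicationController.hide_action :logged_in?, :current_user, :authorized?` on the next line keeps them callable from Ruby while removing them from the routable actions; alternatively the steps that use them (not visible here) could reach them with `send` and leave visibility alone. Separately, this file is emitted through `m.template`, so the hard-coded `"users"` in `Fixtures.create_fixtures(fixtures_folder, "users")` could be `"<%= table_name %>"` to match the other templates when the generated model is not called User.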
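--- a/data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_navigation_steps.rb
+++ b/data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_navigation_steps.rb
@@ -0,0 +1,48 @@
+#
+# Where to go
+#
+
+#
+# GET
+# Go to a given page.
+When "$actor goes to $path" do |actor, path|
+case path
+when 'the home page' then get '/'
+else get path
+end
+end
+
+# POST -- Ex:
+# When she creates a book with ISBN: '0967539854' and comment: 'I love this book' and rating: '4'
+# When she creates a singular session with login: 'reggie' and password: 'i_haxxor_joo'
+# Since I'm not smart enough to do it right, explicitly specify singular resources
+When /^(\w+) creates an? ([\w ]+) with ([\w: \',]+)$/ do |actor, resource, attributes|
+attributes = attributes.to_hash_from_story
+if resource =~ %r{singular ([\w/]+)}
+resource = $1.downcase.singularize
+post "/#{resource}", attributes
+else
+post "/#{resource.downcase.pluralize}", { resource.downcase.singularize => attributes }
+end
+end
+
+# PUT
+When %r{$actor asks to update '$resource' with $attributes} do |_, resource, attributes|
+attributes = attributes.to_hash_from_story
+put "#{resource}", attributes
+dump_response
+end
+
+# DELETE -- Slap together the POST-form-as-fake-HTTP-DELETE submission
+When %r{$actor asks to delete '$resource'} do |_, resource|
+post "/#{resource.downcase.pluralize}", { :_method => :delete }
+dump_response
+end
+
+
+# Redirect --
+# Rather than coding in get/get_via_redirect's and past/p_v_r's,
+# let's just demand that in the story itself.
+When "$actor follows that redirect!" do |actor|
+follow_redirect!
+end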
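Review bot: The PUT and DELETE step definitions (`When %r{$actor asks to update '$resource' with $attributes}` and `When %r{$actor asks to delete '$resource'}`) are `%r{}` regexp literals, and inside a Regexp `$` is an end-of-line anchor rather than a placeholder, so neither pattern can match a step line and no capture groups exist to fill the `|_, resource, attributes|` block. The GET and redirect steps in the same file use the string form, in which Cucumber expands `$name` placeholders into captures, so the fix is to use that form here too: `When "$actor asks to update '$resource' with $attributes" do |_, resource, attributes|` and `When "$actor asks to delete '$resource'" do |_, resource|`. The POST step already uses an explicit regexp with real capture groups and is fine; `Regexp.last_match(1)` instead of `$1` inside it would be a cosmetic improvement only.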